package com.demo.phonerepair.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Spring Boot 3.5.5跨域配置类
 * 提供多重保障的跨域解决方案
 */
@Configuration
public class CorsConfig {

    /**
     * 方法1：使用CorsFilter实现全局跨域
     * 这是Spring提供的标准跨域过滤器实现
     */
    @Bean
    public CorsFilter corsFilter() {
        // 创建CORS配置对象
        CorsConfiguration config = new CorsConfiguration();
        
        // 设置允许的源 - Spring Boot 3.x推荐使用allowedOriginPatterns而非allowedOrigins
        config.addAllowedOriginPattern("*");
        
        // 允许携带Cookie等凭证信息
        config.setAllowCredentials(true);
        
        // 允许的请求头
        config.addAllowedHeader("*");
        
        // 允许的HTTP方法，包括预检请求的OPTIONS方法
        config.addAllowedMethod("*");
        
        // 设置预检请求的缓存时间（秒），减少重复请求
        config.setMaxAge(3600L);
        
        // 暴露的响应头，使前端能够获取这些头信息
        config.addExposedHeader("Authorization");
        config.addExposedHeader("Content-Type");
        config.addExposedHeader("X-Total-Count");
        config.addExposedHeader("Content-Disposition");
        
        // 注册CORS配置到所有路径
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        
        return new CorsFilter(source);
    }
    
    /**
     * 方法2：实现WebMvcConfigurer接口，提供备用跨域配置
     * 作为CorsFilter的补充，确保跨域配置万无一失
     */
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurer() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**")
                        .allowedOriginPatterns("*")
                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
                        .allowedHeaders("*")
                        .allowCredentials(true)
                        .exposedHeaders("Authorization")
                        .maxAge(3600);
            }
        };
    }
    
    /**
     * 方法3：提供CorsConfigurationSource bean
     * 用于与Spring Security集成（如果将来需要添加安全框架）
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOriginPattern("*");
        configuration.setAllowCredentials(true);
        configuration.addAllowedHeader("*");
        configuration.addAllowedMethod("*");
        configuration.setMaxAge(3600L);
        
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}